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ACCESS DEVICE INTERFACE FOR USER MODEL-BASED 
INTERACTIVE TELEVISION 

CROSS-REFERENCE TO RELATED APPLICATIONS 

5 

This application claims the benefit of U.S. Provisional Patent 
Application No. 60/267,215 entitled "User Model for Interactive Television System," 
filed February 7, 2001 and is incorporated herein by reference. 

10 TECHNICAL FIELD 

This disclosure relates generally to interactive television systems, and 
in particular but not exclusively, relates to systems for controlling access to 
interactive television systems. 

15 

BACKGROUND 

Televisions and Internet technologies are beginning to converge. For 
example, the Internet is gaining television like qualities, such as the capability to play 

20 videos and music, and to broadcast live video feeds, and televisions are becoming 
more interactive like the Internet. In particular, access to the World Wide Web via 
Internet-enabled television systems is progressing and becoming more popular. 
Such television systems allow users to access both Web content information and 
television content information from a single system. The content information may 

25 contain content that is offensive or inappropriate for viewing by certain viewers, e.g. 
children. 
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Conventional systems typically use a set top box (STB) to provide 
access to the interactive television system. These systems tend to treat each STB 
as an independent unit. These systems are disadvantageous in various aspects. 
First, they typically allow only primitive configuration functions. Second, they 
typically do not provide convenient support across multiple access devices. Third, 
they typically do not provide convenient support across multiple applications and 
services. 
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BRIEF DESCRIPTION OF THE DRAWINGS 



Non-limiting and non-exhaustive embodiments of the present invention 
are described with reference to the following figures, wherein like reference 
5 numerals refer to like parts throughout the various views unless otherwise specified. 

Figure 1 is a simplified diagram illustrating an interactive television 
system, according to one embodiment of the present invention. 

Figure 2 is a step diagram illustrating a client system, according to one 
embodiment of the present invention. 
10 Figure 3 is a step diagram illustrating an exemplary device, according 

to one embodiment of the present invention. 

Figure 4 is a diagram illustrating an exemplary control device, 
according to one embodiment of the present invention. 

Figure 5 is a logical object diagram illustrating a single household user 
15 model, according to one embodiment of the present invention. 

Figure 6 is a logical object diagram illustrating a multi-household user 
model, according to one embodiment of the present invention. 

Figure 7 is a diagram illustrating components of a logical object, 
according to one embodiment of the present invention. 
20 Figure 8 is a diagram illustrating components of a user object, 

according to one embodiment of the present invention. 

Figure 9 is a flow diagram illustrating the operational flow in using a 
user model as depicted in Figure 5, according to one embodiment of the present 
invention. 

25 Figure 10 is a flow diagram illustrating the addition a new user object 

to a household, according to one embodiment of the present invention. 
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Figure 1 0A is a flow diagram illustrating the reception of user 
information for a first user object, according to one embodiment of the present 
invention. 

Figure 11 is a diagram illustrating a revision history, according to one 
5 embodiment of the present invention. 

Figure 12 is a flow diagram illustrating one embodiment of providing 
update information to access devices in a household, according to the present 
invention. 

Figure 13 is a flow diagram illustrating one embodiment of receiving of 
10 update information for a user object, according to the present invention. 

Figure 14 is a flow diagram illustrating one embodiment of determining 
an update for a particular access device, according to the present invention. 

Figure 15 is a flow diagram illustrating one embodiment of adding a 
new access device to a household, according to the present invention. 
15 Figure 16 is a flow diagram illustrating one embodiment of adding a 

user object to a household, according to the present invention. 

Figure 17 is a flow diagram illustrating one embodiment of revising a 
user object, according to the present invention. 

Figure 18 is a flow diagram illustrating one embodiment of using a 
20 single password to access multiple password protected services. 
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DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENTS 



Embodiments of a system and method for accessing an interactive 
television system are described herein. In the following description, numerous 
5 specific details are provided, such as implementations of client systems and 
devices, to provide a thorough understanding of embodiments of the invention. One 
skilled in the relevant art will recognize, however, that the invention can be practiced 
without one or more of the specific details, or with other methods, components, 
materials, etc. In other instances, well-known structures, materials, or operations 

10 are not shown or described in detail to avoid obscuring aspects of the invention. 

Reference throughout this specification to "one embodiment" or "an 
embodiment" means that a particular feature, structure, or characteristic described 
in connection with the embodiment is included in at least one embodiment of the 
present invention. Thus, the appearances of the phrases "in one embodiment" or "in 

15 an embodiment" in various places throughout this specification are not necessarily 
all referring to the same embodiment. Furthermore, the particular features, 
structures, or characteristics may be combined in any suitable manner in one or 
more embodiments. 

In accordance with aspects of the present invention, a user model for 

20 interactive television systems is provided. In one aspect, the user model organizes 
access devices (e.g., STBs) into household objects (or simply "households"), with 
each access device in a household being logical extensions of each other. In 
particular, each access device has a corresponding access device "object" 
associated with a household. 

25 In addition, each household can have multiple user objects, with each 

user object having its own independent configuration of attributes and data. This 
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aspect of the present invention allows a user to create or reconfigure a user object 
by logging on to an authorized user object at any one of the access devices of the 
household. The other access devices (if any) in the household automatically receive 
the user object information of a new or reconfigured user object without any further 
5 action by the user. Thus, this aspect advantageously allows a single operation to 
configure and/or reconfigure all of the access devices in a household with the user 
object information of a new or revised user object. In a related aspect of the present 
invention, when a user adds a new access device to the household, the new access 
device automatically receives the user object information of user objects already 

10 existing in the household, without any further action by the user. In one 
embodiment, this automatic exchange of user object information is coordinated by a 
server that stores the configuration information of each household and its 
associated user objects. This server, for example, can be operated by a multiple 
service operator (MSO) or service provider. Alternatively, the server may be at a 

1 5 broadcast center for a satellite broadcast system. 

In another aspect of the present invention, the information of a user 
object is updated using a revision information file. An access device sends updated 
user object information to a server when a user changes the user object information 
of a user object via that access device. In one embodiment, the server receives the 

20 updated user object information and stores the updated information in a file 
corresponding to the user object. In addition, the server creates an update entry for 
the received update information, which is stored in a list. The update entry includes 
a ticket number, and a bit vector with the bit corresponding to the updated 
information being set. The ticket number is incremented for each new update entry. 

25 To update the user object information of user object in a particular 

access device, the server receives the ticket number of the access device's current 
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configuration for that user object. The server then determines an update vector for 
that access device as a function of the access device's bit vector current ticket 
number and more recent bit vectors from other access devices. In one 
embodiment, the server then provides the update vector to that access device. That 
5 access device can then request the updated user object information corresponding 
to each set bit in the update vector. This operation is performed for all of the access 
devices in the household on an ongoing basis. 

In yet another aspect of the invention, the user model supports 
associating multiple usernames and passwords to a user object. This aspect allows 

10 the user object to contain the user names and passwords to access various 
applications and services that may require separate passwords. For example, the 
interactive television system may provide, in addition to the basic interactive service, 
pay per view (PPV), parental control, video on demand (VOD) and electronic wallet 
applications or services. This aspect advantageously allows a user to access all of 

15 these applications and services using a single username and password. In a further 
refinement, any activity that initiates a billing event can cause a password challenge 
for verification before proceeding with the activity. 

The present invention provides techniques for controlling access to an 
interactive television system. Figure 1 depicts a simplified diagram of a system 100 

20 for distributing Internet content and television content in which an embodiment of the 
present invention may be embodied. In accordance with an embodiment of the 
present invention, system 100 is integrated with a cable TV distribution system. 
Such cable television distribution systems may include cable headends (H/Es), 
which are well known in the art. 

25 As shown in Figure 1, system 100 includes a communication 

network 102, several content sources 104 r 104 N , several broadcast 
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centers 106r1 06 M and several client systems (CSs) 108n-108 M j- In addition, 
system 100 also includes a server of the interactive television service provider, 
which can reside in one or more of broadcast centers 106r106 M . In accordance 
with the present invention, CSs 108n-108 M j (more particularly, access devices that 

5 are part of the CSs) are part of households 121 ir 121 Y z. As will be described in 
further detail below, households allow for advantages in reconfiguring certain 
aspects of the CSs. 

Communication network 102 provides a mechanism for distributing 
multimedia content from content sources 104i-104 N to broadcast centers 106i-106 M . 

10 Communication network 102 may itself be comprised of many networks, 
interconnected computer systems and communication links. While in one 
embodiment, communication network 102 is the Internet, in other embodiments, 
communication network 102 may be any suitable computer network. For purposes 
of describing the present invention, it will be assumed that communication 

15 network 102 is the Internet Communications over Internet 102 are accomplished 
using standard protocols such as TCP/IP (transmission control protocol/internet 
protocol) and other protocols. System 100 depicted in Figure 1 is merely illustrative 
of an embodiment incorporating the present invention and does not limit the scope 
of the invention as recited in the claims. One of ordinary skill in the art would 

20 recognize other variations, modifications, and alternatives. 

As shown in Figure 1, content sources 104 r 104 N may be connected to 
Internet 102. Additionally, content sources 104r104 N may be connected to several 
data feeds, servers, and information sources that in turn provide content information 
to content sources 104i-104 N . For example, content source 104i may be connected 

25 to receive content information from data feeds 112, advertisement servers 114, 
image sources 116, streaming multimedia sources 118, including streaming audio 
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and streaming video sources, and other like sources of content information. For 
example, news or stock quote feeds 112 may be fed into content source 104i, 
servers 114 may provide advertisements for insertion into multimedia content 
delivered by content source 104^ and sources 116 and 118 may provide images, 
5 streaming video, and other content to content source 104i. Various other feeds, 
servers and sources may also be connected to content source 104i. Examples of 
content sources 104i include web site portals such as Go2Net.com, or news web 
sites such as CNN.com, and the like. Similarly, (although not shown in Figure 1 to 
promote clarity) content sources 104 2 -104 N may also receive content information 

10 from data feeds 112, advertisement servers 114, image sources 116, streaming 
multimedia sources 118. 

Content sources 104 r 104 N may also be connected directly to 
broadcast centers 106i-106 M via communication links or communication 
networks 120. Communication links 120 may include may be hardwire links, optical 

15 links, satellite or other wireless communication links, wave propagation links, or any 
other mechanisms for communication of multimedia content information. 

Broadcast centers 106i-106m may be connected to Internet 102, and 
to content sources 104 r 104 N via communication links 120. Each broadcast 
center 106i-106m may also be connected to several CSs. For example, broadcast 

20 center 106i may be connected to CSs 108h-108il, broadcast center IO62 may be 
connected to CSs 1082i-108 2 k, and so on, to broadcast center 106m, which may 
connected to CSs 108mi-108mj. Each broadcast center is configured to receive 
content information from its corresponding content source and/or from Internet 102, 
and to forward the content information to its corresponding CSs. The content 

25 information may include Web content information, television content information and 
other multimedia content information. In a specific embodiment of the present 

9 
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invention, as shown in Figure 1, broadcast centers 106i-1 06m comprise cable 
headends (H/Es). 

A satellite TV delivery system may comprise a direct broadcast 
satellite (DBS) system. A DBS system may comprise a small 18-inch satellite dish 
5 (which is an antenna for receiving a satellite broadcast signal); a digital integrated 
receiver/decoder (IRD), which separates each channel, and decompresses and 
translates the digital signal so a television can show it; and a remote control. 
Programming for a DBS system may be distributed, for example, by multiple high- 
power satellites in geosynchronous orbit, each with multiple transponders. 

10 Compression (e.g., MPEG) is used to increase the amount of programming that can 
be transmitted in the available bandwidth. 

A digital broadcast center may be used to gather programming 
content, ensure its digital quality, and transmit the signal up to the satellites. 
Programming may come to the broadcast center from content providers (TBS, HBO 

15 CNN, ESPN, efc.) via satellite, fiber optic cable and/or special digital tape. Satellite- 
delivered programming is typically immediately digitized, encrypted and uplinked to 
the orbiting satellites. The satellites retransmit the signal back down to every earth- 
station - or, in other words, every compatible DBS system receiver dish at 
customers' homes and businesses. Some programs may be recorded on digital 

20 videotape in the broadcast center to be broadcast later. Before any recorded 
programs are viewed by customers, technicians may use post-production equipment 
to view and analyze each tape to ensure audio and video quality. Tapes may then 
be loaded into a robotic tape handling systems, and playback may be triggered by a 
computerized signal sent from a broadcast automation system. Back-up videotape 

25 playback equipment may ensure uninterrupted transmission at all times. 
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As previously mentioned, in accordance with the present invention, the 
CSs are organized into households. For example, in this embodiment, a 
household 121 n includes CSs 108n and 108i 2 . A household can include a single 
CS as shown for example, by a household I21 iw that includes only CS108n_. 
5 Further, as shown in Figure 1, a broadcast center can support one or more 
households. 

Each CS can receive multimedia content, including Web content and 
television content, from its corresponding broadcast center. Each CS can then 
output received multimedia content to a user of the household containing the CS. 

10 For example, in the embodiment of Figure 1, CS 108n receives multimedia content 
from broadcast center 106i and outputs the multimedia content to a user of 
household 121n. In one embodiment, each CS includes an access device that 
allows a user to receive authorized multimedia content and to communicate with the 
server of the interactive television service provider. 

15 In addition, according to the present invention, each household can 

have multiple user objects, with each user object having its own independent 
configuration of attributes and data. For example, a user object may have an 
administrator attribute, when enabled, allows the user object to change the 
configuration of other user objects. Attributes and data are described below in more 

20 detail in conjunction with Figures 7 and 8. 

In general, a user accesses the interactive television system by 
logging on to a user object. A user can create or reconfigure a user object via any 
one of the CSs in the household by logging on to an authorized user object (e.g., a 
user object that has its administrator attribute enabled). The server of the 

25 interactive television service provider receives information related to the new or 
reconfigured user object and provides update information to the other CSs (if any) in 
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the household. In this way, other CSs in the household are automatically 
reconfigured with the new user object information without any further action by the 
user. Thus, a user can configure all of the CSs in a household with a new or revised 
user object in a single operation. As will be described below, one embodiment of a 
5 CS includes an "access device" that can store information (including information 
related to user objects associated with the household). Thus, households are also 
described herein as having "access devices" rather than CSs (which can include 
components in addition to an access device). 

In another aspect of the present invention, when a user has a new CS 

10 added to the household, information associated with the new CS is received by the 
server of the interactive television service provider. This server can then provide the 
most recent user object information to the new CS. In one embodiment, a user 
must be logged onto a user object with its administrator attribute enabled to add a 
new CS to the household. In this way, the new CS automatically receives the user 

15 objects associated with the household without any further action by the user. 

In yet another aspect of the invention, user objects can also contain 
the separate usernames and passwords that may be needed to access various 
applications and services that the interactive television system provides. For 
example, the interactive television system may provide, in addition to the basic 

20 interactive service, pay per view (PPV), parental control, video on demand (VOD) 
and electronic wallet applications or services. These applications and services, in 
addition to having different usernames and passwords, may also be linked to 
specific access devices. This aspect advantageously allows a user to access all of 
these applications and services using a single username and password. In contrast, 

25 some conventional systems require that a user remember several different 
usernames and passwords for the various applications and services and may even 
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require different usernames and passwords to access the same service from 
different access devices. In a further refinement, any activity that initiates a billing 
event can cause a password challenge for verification before proceeding with the 
activity. 

5 Embodiments of processes using the user model are described below 

in conjunction with Figures 5-17. However, embodiments of hardware used to 
implementing the processes are described next. 

Figure 2 depicts a simplified step diagram of a CS 108 according to an 
embodiment of the present invention. CS 108 can be used to implement any or all 

10 of CSs 108h-108mj (Figure 1). This embodiment of CS 108 includes an access 
device 130 connected to an output device 132 via communication link 142, and a 
control device 138 connected to access device 130 via a communication link 140. 
Access device 130 can be a STB, a personal computer, Web Pad (e.g., a personal 
computer in tablet form that uses a touch screen rather than a keyboard), or a 

15 personal digital assistant (PDA), a cell phone, or a hybrid device combining some of 
the features and functionalities of the preceding devices, suitable for interacting with 
the Internet, cable system operator and/or other media service operators. 

Output device 132 is configured to output multimedia content 
information to the user of CS 108. In some embodiments, output device 132 may 

20 be implemented as a television or other display device, or can be built in as part of 
access device 130 (e.g., personal computer, PDA or other like device). In a 
preferred embodiment of the present invention, access device 130 and output 
device 132 is part of a broadband Internet-enabled television system. 

Output device 132 may include an audio output device 134 for 

25 outputting audio information to the user, and a display device 136 for outputting 
video, image, and text information to a user. Display device 136 may be a cathode 

13 
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ray tube (CRT), a flat-panel device such as a liquid crystal display (LCD), a 
projection device, or any other device suitable for outputting visual information, 
including streaming video, images, and text, to the user. Audio output device 134 
may be a speaker, or any other device suitable for outputting audio information 
5 embedded in the Web content and television content received from a broadcast 
center (see Figurel) to the user. Although, Figure 2 depicts an output device in 
which display device 136 and audio output device 134 are integrated into one output 
device 132, in alternate embodiments of the present invention the display device 
and the audio output device may be embodied in separate devices. 

10 Control device 138 may be used by the user to control the functionality 

of CS 108. Control device 138 communicates with access device 130 via 
communication link 140 that is generally an infrared (IR) communication link. 
However, in alternate embodiments of the present invention, communication 
link 140 may also be a hardwire link, an optical link, or any other means for 

15 communicating information from control device 138 to access device 130. Control 
device 138 may be embodied as a television remote control device, a keyboard, a 
mouse, or any other device which allows a user to input information to CS 108. 

According to an embodiment of the present invention, access 
device 130 is implemented as a STB that includes hardware and software to receive 

20 multimedia content information, including Web content and television content, from 
broadcast centers 106i-106m (Figure 1). Access device 130 also contains hardware 
and software to output the multimedia content to the user via output device 132. 
Access device 130 also performs functions allowing the user to control the manner 
in which the multimedia content is downloaded to CS 108 and presented to the user. 

25 Access device 130 includes components and modules that regulate a user's access 
to Web and television content output by access device 130. Access device 130 is 
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connected to output device 132 via communication link 142. Communication 
link 142 may include a video channel for communicating video information from 
access device 130 to output device 132 and an audio channel for communicating 
audio information from access device 130 to output device 132. 
5 Figure 3 is a simplified step diagram of an exemplary access 

device 130 according to an embodiment of the present invention. Access 
device 130 typically includes at least one processor 162 that communicates with a 
number of peripheral devices via a bus subsystem 160. These peripheral devices 
may include a storage subsystem 164, comprising a memory subsystem 166 and a 
10 file storage subsystem 172, a video subsystem 178, an audio subsystem 176, a 
broadcast center interface subsystem 174, and a control device interface 
subsystem 180. 

Distribution interface subsystem 174 provides an interface for 
receiving multimedia content information from broadcast center 106. The 
15 multimedia content is then processed and forwarded to display device 136 and/or to 
audio output device 134 for output to the user. Control device interface 
subsystem 180 detects signals received from control device 138 and provides 
instructions/information encapsulated in the signals to processor 162 for further 
processing. 

20 Audio subsystem 176 is responsible for processing audio content 

received from broadcast center 106, and transmitting the processed audio signals to 
audio output device 134 for output to the user. Likewise, video subsystem 178 is 
responsible for processing video content received from broadcast center 106, and 
transmitting the processed video signals to display device 136 for output to the user. 

25 Storage subsystem 164 stores the basic programming modules and 

data constructs that provide the functionality of the various systems embodying the 

15 



Attorney Docket: 005217.P054 

present invention. For example, databases and modules implementing the 
functionality to regulate access to Web and television content according to the 
teachings of the present invention may be stored in storage subsystem 164. 
Processor 162 generally executes these software modules. Storage subsystem 164 
5 may comprise memory subsystem 166 and file storage subsystem 172. 

Memory subsystem 166 typically includes a number of memories 
including a main random access memory (RAM) 170 for storage of instructions and 
data during program execution and a read only memory (ROM) 168 in which fixed 
instructions are stored. File storage subsystem 172 provides persistent (non- 
10 volatile) storage for program and data files, and may include a hard disk drive, a 
floppy disk drive along with associated removable media, a Compact Digital Read 
Only Memory (CD-ROM) drive, an optical drive, or removable media cartridges. The 
databases and modules implementing the functionality of the present invention may 
also be stored by file storage subsystem 172. 
15 Bus subsystem 160 provides a mechanism for letting the various 

components and subsystems of access device 130 communicate with each other as 
intended. Although bus subsystem 160 is shown schematically as a single bus, 
alternate embodiments of the bus subsystem may utilize multiple buses. Further, in 
alternate embodiments of the present invention, the various components of access 
20 device 130 may be directly connected to processor 162. 

Due to the evolving nature of processing units 130, the description of 
access device 130 depicted in Figure 3 is intended only as a specific example for 
purposes of illustrating the preferred embodiment of the present invention. Many 
other configurations of access device 130 are possible having more or less 
25 components than the access device 130 depicted in Figure 3. In light of this 
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disclosure, those skilled in the art will be able to implement different embodiments of 
access device 130 without undue experimentation. 

As previously mentioned, according to an embodiment of the present 
invention, access to multimedia content is regulated by defining or configuring one 
5 or more user objects of CSs 108<m-108mj (Figure 1). Each user object specifies a 
level of access to the Web or television content information. Each user object is 
generally characterized by attributes such as, for example, a user identification code 
that is used to identify the user object, and a set of privileges associated with the 
user object. Using CS 108 (Figure 2) as an example, a user of CS 108 may log onto 

10 a particular user object, which may require the user to enter a password. The 
privileges associated with that particular user object define: (1) the Web or television 
content that the user can access and (2) the manner in which the user interacts with 
system 100 (Figure 1). In a specific embodiment of the present invention, 
information related to the various user objects is stored in access device 130 of 

15 CS 108 and in the server of the interactive television service provider. 

Figure 4 depicts an exemplary control device 150 according to an 
embodiment of the present invention. Control device 150 may be used to control 
the functionality of CS 108 (Figure 2). As shown, control device 150 has the general 
appearance of a common, hand-held remote comprising several buttons to control 

20 the functions of CS 1 08 (Figure 2). 

Figure 5 illustrates logical objects of a single household system 200, 
according to one embodiment of the present invention. This embodiment of the 
system 200 includes four types of logical objects; i.e., an account 201, a 
household 202, user objects UOrUOf and access device objects ADi-AD g . 

25 System 200 illustrates the relationship between the logical objects of a single 
household model. User objects UO-i-UO f and access device objects AD^ADg are 
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associated with household 202, which in turn is associated with account 201. 
Account 201 represents an account maintained by the interactive television service 
provider for record keeping and billing purposes {e.g., a multi-service operator 
(MSO) account). User objects UO-i-UOf and access device objects ADi-AD g are, in 
5 effect, contained in household 202 so that, for example, a change in one of user 
objects UOi-UOf will apply to all of the access device objects ADrAD g . In addition, 
in one embodiment, a single user object may be simultaneously logged on in several 
access devices. 

Figure 6 illustrates logical objects of a multi-household user 

10 system 220, according to one embodiment of the present invention. System 220 is 
similar to system 200 (Figure 5) except that instead of a single household 202 
(FigureS), system 220 includes an account 221 associated with multiple 
households. In the exemplary system shown in Figure 6, system 220 includes 
households HHi-HH q , with each of these households having user objects and 

15 access device objects. In this embodiment, household Hh^ is associated with user 
objects UOn-UOif and access device objects AD<n-ADi g ; household HH2 is 
associated with user objects U0 2 rU02h and access device objects AD21-ADH; and 
so on to household HH q , which is associated with user objects UO q i-UOq r and 
access device objects AD q rAD q t. 

20 Figure 7 illustrates elements associated with a general logical 

object 230, according to one embodiment of the present invention. As previously 
described, accounts, households, user objects, and access devices are all 
represented as logical objects in the user model. Also described above, in 
accordance with the present invention, a logical object is associated with attributes 

25 and data. In Figure 7, these are indicated as attributes 231 and data 232. In this 
embodiment, attributes 231 are related to predefined characteristics of the logical 
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object. For example, a user object's attributes may include an administrator 
attribute (which if enabled allows the user object to have access to defined 
administrative privileges), an email attribute (which if enabled allows the user object 
to send and receive email), among other characteristics. In this embodiment, data 

5 is information that is stored on behave of the logical object. For example, a user 
object's data may include a user name, a channel list (a list of channels that the 
user object has permission to view), among other types of information. Tables 1-4 
in Appendix A summarize attributes and data that can be used for user object, 
household, access device and account logical objects, respectively. 

10 Figure 8 illustrates attributes and data associated with an exemplary 

user object 240, according to one embodiment of the present invention. In this 
embodiment, in addition to the administrator and email attributes previously 
described, attributes 231 associated with user object 240 can include a "pay per 
view" (PPV) attribute, which allows the user object to view PPV programs when 

15 enabled. In addition, attributes 231 can include a "deleted" attribute (which when 
set indicates that the user object has been deleted from the household), and a 
"password" attribute (which when set allows the user object to log on into the user 
object without having to enter a password). In other embodiments, user object 240 
may have other attributes such as, for example, those listed in Table 1 of 

20 Appendix A. Information related to attributes 231 and data 232 can be stored in the 
server of the interactive television system and in the access device(s) of a 
household. 

In this embodiment, data 232 associated with user object 240 can 
include a channel list 244, a list of favorite television channels 245, a list of favorite 
25 web sites 246, and revision information 247. Revision information 247, in this 
embodiment, includes a ticket number 248. Ticket number 248 is used in updating 
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the user object's information in all of the access devices in the same household as 
user object 240. Ticket number 248 and the updating process are described in 
more detail below. In an alternative embodiment, revision information 247 may be 
part of attributes 231 because revision information 247 generally does not include 
5 information directly provided by a user (rather in one embodiment the server 
generates the revision information from data provided by the user). Data 232 may 
also include email messages 249 when the email feature is used. In other 
embodiments, data 232 can include other types of data such as, for example, those 
listed in Table 1 of Appendix A. As previously mentioned, some or all of this 

10 information can be stored in the server and in the access device(s) of a household. 
For example, an access device can store information such as channel list 244, 
television favorites 245, web favorites 246 and revision information 247. 

Figure 9 illustrates an operational flow in using a user model according 
to one embodiment of the present invention. In a step 260, the operational flow 

15 begins with creating an account. For example, in one embodiment, a customer can 
open the account with an interactive television service provider {e.g., a MSO). The 
interactive television service provider operates a server used to control access to 
services and multimedia content provided by the interactive television service 
provider. As previously described, this server can reside in one or more of 

20 broadcast centers 106r106 M (Figure 1). The interactive television service provider 
instantiates the new account so that the server can access information associated 
with the account. 

In a step 262, a household for the account is created. Continuing the 
example described above in conjunction with step 260, the interactive television 
25 service provider instantiates a household for the customer, which is associated with 
the account created in step 260. In other embodiments, the interactive television 
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service provider can create more than one household for the account. The server 
can access information associated with the household. 

In a step 264, an access device object is created and associated with 
the household created in step 262. In one embodiment, when a user connects the 
5 physical access device to a broadcast center (e.g., a H/E), the server detects the 
physical access device and instantiates a corresponding access device object The 
server associates the access device object to the household. One embodiment of a 
process of entering information for a new access device object is described below in 
conjunction with Figure 15. 

10 Although steps 260, 262 and 264 are described sequentially, in light of 

the present disclosure, those skilled in the art can implement other embodiments in 
which these steps are performed in different orders. For example, in one 
embodiment, the household may be created before the account is created. In 
another embodiment, installing the first access device can cause steps 260 and 262 

15 to be performed. 

In a step 266, a user object is created and associated with the 
household created in step 262. In previously mentioned, a user can access the 
interactive television system via an installed access device to create a user object. 
In addition, in one embodiment of step 266, a first user object is automatically 

20 created or instantiated when the first access device is installed. This first user 
object is automatically given permission to access all of the features and privileges 
supported by the interactive television system. Thus, in one embodiment, the first 
user object is instantiated as an administrator, which allows this user object to 
create and modify other user objects. An authorized user can use this first user 

25 object to add other user objects and access device objects as described below. 
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In a step 268, the household and/or account is validated. This 
operation can be used to verify that the interactive television service provider has 
not terminated service for that particular household or account. In one embodiment, 
the server verifies that the household or account is authorized to access the 
5 interactive television system. If the account or household is not valid, the operation 
terminates; otherwise, the operational flow proceeds to a step 270. 

In step 270, the interactive television system is monitored for updates 
related to user objects and access device objects. For example, in one 
embodiment, the server of the interactive television service provider can be 

10 configured to detect, inter alia, installation of a new access device, addition of a new 
user object to the household, and revision of information for an existing user object 
or access device object. In one embodiment, a user can upload this update 
information via one of the access devices that are installed on the interactive 
television system. If the server does not detect any such update, the operational 

15 flow loops back to step 268. Conversely, if the server does detect an update, the 
operational flow proceeds to a step 272. 

In step 272, the update information is received and stored for the 
household by the interactive television system. In one embodiment, the server 
stores this received update information. In this embodiment, the server maintains a 

20 record of information for the account logical object, and the associated household, 
user and access device logical objects. 

In a step 274, the update information is then distributed to the access 
devices associated with the household. In one embodiment, the server sends the 
update information received via an access device to all of the other access devices 

25 of the household. One embodiment of this operation is described in more detail 
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below, in conjunction with Figure 12. The operational flow then loops back to 
step 268. 

Although steps 268, 270, 272, and 274 are described sequentially, in 
light of the present disclosure, those skilled in the art can implement other 
5 embodiments in which the steps are performed in a different order, or with some 
steps performed concurrently. 

A situation may arise when a user attempts to update information for a 
logical object while another user is already updating that particular logical object. In 
one embodiment, the most recent update information is used while the earlier 
10 update information is disregarded (i.e., the race condition is resolved using last-in 
semantics). In another embodiment, the first user to begin the updating operation 
locks out the second user until the first user's update is completed. 

Figure 10 illustrates the operational flow of step 266 (Figure 9), 
according to one embodiment of the present invention. In particular, Figure 10 
15 illustrates the addition of a new user object to a household, according to one 
embodiment of the present invention. 

In a step 280, information for a new user object is received. In one 
embodiment, the server of the interactive television system receives this information 
from either a user via an access device, or from a customer service representative 
20 (CSR) of the interactive television service provider. For example, a user can provide 
the new user object information to the server via the access device. This user 
object information can include an identifier (i.e., identifying the particular 
configuration parameter) and a value for a particular configuration parameter of the 
new user object. One embodiment of step 280 is described below in conjunction 
25 with Figure 10A. In addition, one embodiment of a process by which a user enters a 
new user object is described below in conjunction with Figure 16. 
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In a step 282, the received user object information of the new user 
object is assigned a ticket number. In one embodiment, the server increments the 
most recent ticket number the server has used and assigns this incremented ticket 
number to the received user object information. In this way, the server provides an 
5 identifier to each received set of user object information. 

In a step 284, the ticket number and a bit vector for the received user 
object information is stored. In one embodiment, the server stores the ticket number 
and the bit vector in a revision history. The revision history can be of fixed size, with 
a new entry (/.e., ticket number and corresponding bit vector) replacing the oldest 
10 remaining entry if the revision history is full. 

In this exemplary embodiment, each bit of the bit vector corresponds 
to a configuration parameter or setting (hereinafter configuration parameter) of a 
user object. A bit in the bit vector is set when the corresponding configuration 
parameter is "updated" (which includes adding a value for a newly created user 
15 object). 

In a step 286, the ticket number is provided to the particular access 
device that was used to provide the user object information of the new user. In one 
embodiment, the server provides the ticket number to the access device. The 
access device can store the ticket number as a way of keeping track of its 

20 configuration. In one embodiment, the access device stores the ticket number in 
revision information file 247 (Figure 8). In other embodiments, step 286 may be 
performed before or concurrently with step 284. 

Figure 1 0A illustrates step 280 in which user object information is 
received, according to one embodiment of the present invention. In one 

25 embodiment, a step 287 is performed in which the user object is created. In an 
embodiment, the server of the interactive television system creates the user object 
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with default information. For the first user object being created, the default includes 
setting the administrator attribute. For subsequent user objects, the administrator 
attribute would not be set. In one embodiment, the server causes the access device 
to display the default information, which the user or CSR can modify. For example, 
5 this information may be presented in a menu. The user or CSR could then select a 
desired setting and modify it. In another embodiment, the access device may be 
configured to display the menu when it is first connected to interactive television 
system 100. In another embodiment, for example, the access device may be 
configured to prompt the user to enter information for each setting instead of a using 
10 a menu. 

In a step 288, modifications to the default settings are received. In 
one embodiment, the server receives the modifications from the access device. 
Alternatively, the modifications can be provided through another mechanism (e.g., 
from a CSR through a computer terminal). For example, after the user has 

15 completed all of the modifications, the access device may prompt the user or CSR 
for a confirmation and then send the modifications to the server. 

In one embodiment, the server receives a series of user object 
information messages from the access device. Each message has a value for one 
configuration parameter and a bit vector with the bit corresponding to the 

20 configuration parameter being set. The server of the interactive television system 
stores this user object information. 

In an alternative embodiment, the access device would send a 
message with a bit in the associated bit vector being set to indicate that the user 
object information corresponds to a new user object. The message would also 

25 include the values for all of the configuration parameters in a predefined order. 
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In a step 289, the user object information is committed to the 
corresponding household. In one embodiment, after all of the configuration 
information is received, the server stores the received user object information and 
associates it with the household of step 262 (Figure 9). 

5 Figure 11 illustrates a revision history 292, according to one 

embodiment of the present invention. In this embodiment, revision history 292 can 
store N (N being an integer greater than or equal to zero) entries related to a 
particular household (i.e., each household will have its own revision history). In this 
exemplary embodiment, revision history 292 includes a ticket number field 294 and 

10 a bit vector field 296. Revision history 292 can include other fields (not shown) in 
other embodiments. In one embodiment, each entrys bit vector can have only one 
bit set. In the exemplary embodiment shown in Figure 11, revision history 292 is 
completely filled with N entries. These entries have ticket numbers X through X+N 
(X being an integer greater than or equal to zero) and corresponding 8-bit bit 

15 vectors. For example, the earliest entry in revision history 292 has a ticket number 
X and a bit vector of "00010000", and latest entry has a ticket number X+N and a bit 
vector of "00000100". In other embodiments, a bit vector can have more than one 
bit set. As will be described in more detail below, revision history 292 can be used 
to determine the updates needed for the access devices in its associated 

20 household. 

Figure 12 illustrates one embodiment of step 274 (Figure 9), according 
to one embodiment of the present invention. As previously described, step 274 
updates information in access devices in a household. 

In a step 301, updated information is received. In one embodiment, 
25 the server receives the updated information from an access device of a household. 
In an alternative embodiment, the updated information is received from another 

26 
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source (e.g., from a CSR using a computer). One embodiment of step 312 is 
described in more detail below in conjunction with Figure 13. 

In a step 303, updates for each access device in the household are 
determined. In one embodiment, the server determines these updates using a 
5 polling scheme in conjunction with revision history 292 (Figure 11) and the access 
device's most recent ticket number. One particular implementation of the polling 
scheme embodiment is described below in conjunction with Figure 14. In other 
embodiments, when a user instantiates a user object via an access device, the 
access device may send a message with its most recent ticket number to the server, 

10 which then determines the update to send back to that access device using revision 
history 292. The server may be configured to determine only the updated user 
object information for the instantiated user object, rather than all the updates for 
needed by that particular access device. In another embodiment, each access 
device may be configured to periodically send messages with its most recent ticket 

1 5 number to check for updates. 

In a step 305, updated user object information is provided to the 
access devices in the household. In one embodiment, the server provides the 
updated user object information determined in step 303 above. For example, when 
an access device sends its most recent ticket number to the server, the server 

20 determines the update as in step 303 and then sends updated user object 
information to that access device in step 305. In one embodiment, the server would 
send to the access device an update vector. The update vector would have one or 
more set bits, each set bit indicating a particular configuration parameter to be 
updated in that access device. The access device would then request updated 

25 information from the server as indicated by the bits that are set in the update vector. 
In one embodiment, the access device would request the indicated updated user 
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object information one configuration parameter at a time. This process would then 
be repeated for all of the other access devices in the household that are coupled to 
the server. 

Figure 13 illustrates an implementation of step 301 (Figure 12), 
5 according to one embodiment of the present invention. This process is similar to the 
process of adding a new user object as described above in conjunction with 
Figure 10, with a few minor exceptions as described below. 

In a step 311, updated user object information for an existing user 
object is received. In one embodiment, the server of the interactive television 
10 system receives this updated user object information from a user via an access 
device or from a CSR via an access device or computer. One embodiment of a 
process of entering this updated user object information is described below in 
conjunction with Figure 17. In accordance with one embodiment of the present 
invention, the user object information can include a value for the particular 
15 configuration parameter being updated and a bit vector with the bit corresponding to 
that configuration parameter being set. The server of the interactive television 
system can then store the received updated user object information. 

In a step 313, the received updated user object information is assigned 
a ticket number. In one embodiment, the server increments the most recent ticket 
20 number in revision history 292 (Figure 11) and assigns this incremented ticket 
number to the received user object information. 

In a step 315, the ticket number and the bit vector for the received user 
object information is stored. In this embodiment, the server stores the ticket number 
and the bit vector in the revision history (Figure 11), replacing the oldest remaining 
25 entry if revision history 292 is full. 
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Figure 14 illustrates an implementation of step 303 (Figure 12), 
according to one embodiment of the present invention. As previously described, 
step 303 determines the updated information to provide to a particular access 
device. 

5 In a step 321, a ticket number corresponding to the current 

configuration of an access device is received. In one embodiment, the server of the 
interactive television system receives the ticket number from its corresponding 
access device. For example, an access device could provide the ticket number in 
response to a query from the server or, alternatively, in response to an instantiation 

10 of a user object in that access device (described above in conjunction with 
Figure 12). The server can keep a record of the ticket number and the access 
device that provided the ticket number. 

In a step 323, an update vector is determined. In one embodiment, 
the server determines the update vector using the received ticket number and 

15 revision history 292 (Figure 11). In this embodiment, for example, the server 
determines the logical-OR of the bit vectors of all of the entries in revision history 
292 associated with ticket numbers that are more recent than the received ticket 
number. These more recent ticket numbers are associated with updates that 
occurred after the current configuration of the access device. The resulting update 

20 vector will typically have some bits that are set and some that are not, with the set 
bits indicating configuration parameters that need to be updated. If all of the ticket 
numbers stored in revision history 292 are more recent than the received ticket 
number, the server can set all of the bits in the update vector (/.e., indicating that all 
of the user object information in that access device needs to be updated). 

25 In a step 325, the update vector is provided to the access device. In 

one embodiment, the server provides the update vector to the access device. The 
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server can provide this update vector to the access device automatically after 
determining the update vector for that access device. In an alternative embodiment, 
the server can wait for a request from the access device before providing the update 
vector to the access device. 
5 In a step 327, the server then provides to the access device the user 

object information corresponding to the set bit or bits of the update vector. For 
example, as previously described, each time a configuration parameter is updated, 
the server stores this updated information. Thus, the server should have the most 
up-to-date configuration of each logical component in the household. In one 

10 embodiment, the server can provide the value for each of these configuration 
parameter(s) in response to a request by the access device. In this embodiment, 
the access device, having received the update vector, knows which configuration 
parameters need to be updated. The access device can then request the most 
recent value of each configuration parameter from the server when convenient for 

15 the access device. The access device can request the updates one configuration 
parameter at a time or in one request. In an alternative embodiment, the server, 
having determined the update vector, can push the updated values onto the access 
device. 

In addition, the ticket number associated with each update is provided 
20 to the access device. In one embodiment, the server sends this ticket number to the 
access device along with the corresponding updated user object information. For 
example, in an embodiment in which the server pushes the updated values to the 
access device, the server can push them in reverse order (i.e., the most recent 
update being last). The server can provide the updated value, a bit vector with a bit 
25 set to indicate the configuration parameter of the updated value, and the ticket 
number of the update. The access device can overwrite the ticket number in its 
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revision information file 247 (Figure 8) with each update received from the server. 
Alternatively, in an embodiment in which the server provides all of the updates in 
one message, the server can provide all of the updated values and the ticket 
number corresponding to the most recent update in the group of updated values. 

5 Figure 15 illustrates one embodiment of adding a new access device 

to a household, according to the present invention. The operational flow starts 
when a user couples a new access device to the interactive television system (e.g., 
by connecting the access device to a broadcast center). In this context, a new 
access device is an access device that does not have an access device object 

10 associated with a household. In this exemplary embodiment, the access device is 
configured to perform the steps of the operational flow. 

In a step 340, the server of the interactive television system is 
informed that a new access device is being connected to the interactive television 
system. In one embodiment, the access device is configured to send a message to 

15 the server indicating that it has not been associated with a household. In a further 
refinement, the access device can prompt the user installing the access device to 
enter the household (e.g., via a household login procedure) and then provide this 
household information in the message that the access device sends to the server. 

In a step 341, the access device determines whether there are any 

20 user objects associated with the household. For example, if the access device is 
the first access device added to the household, it is possible that the household 
does not yet have a user object. In one embodiment, in response to the access 
device's message in step 340, the access device receives a message from the 
server that indicates whether the access device is the first access device of the 

25 household. If the access device is not the first access device of the household, a 
step 342 is performed in which the access device receives user object information 
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from the server. For example, the server may send (i.e., push) the most recent user 
object information for all of the user objects associated with the household (including 
the most recent ticket number) to the access device. The access device's 
configuration information can, for example, include a media access control (MAC) 

5 address, personal identification numbers (PINs) for various services provided by the 
interactive television system, and a list of privileges for default operation (i.e., 
without logging onto a user object). In addition, the access device can provide the 
access device's configuration information to the server in order to create a new 
access device object. Alternatively, the access device may request (i.e., pull) the 

10 most recent user object information from the server of the interactive television 
system. 

Conversely, if the access device is the first access device of the 
household, the operational flow proceeds to a step 344, which begins the operation 
of creating a first user object. In an alternative embodiment, the first user object 

15 may have been created by the interactive service provider beforehand when the 
user subscribed to the service, allowing the user to skip step 344. 

In step 344, the access device begins the process to create the first 
user object. In one embodiment, this first user object is provisioned with default 
information. The first user object has its administrator attribute automatically 

20 enabled. This configuration setting is performed automatically because the first user 
object to be added to the household generally indicates that a new account is being 
created. As previously described, when an account is created, a household is 
automatically created. In addition, when the first access device for the household is 
activated, the first user object can also be created in step 344. The first user object 

25 is created with administrator privileges enabled so that an authorized user can log 
onto the first user object to create and update other user and access device objects. 
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In a step 346, the access device receives modifications to the default 
user object information. For example, the access device can display the default 
information in a menu. The user or CSR can then select information items from the 
menu to modify. 

5 In an alternative embodiment, the access device prompts the user to 

enter the new user object information via control device 138 (Figure 2). The access 
device receives the new or modified user object information and can store it as part 
of its attributes 231 and data 232 (Figure 7). 

In a step 352, the access device provides to the server the user object 
10 information the access device received for the first user object in step 346. In one 
embodiment, the access device provides this information in a series of messages to 
the server. Alternatively, the access device can provide each piece of user object 
information to the server before prompting the user to enter the next piece of 
information. 

15 In a step 354, the access device receives a ticket number from the 

server. As previously described, the ticket number indicates the current 
configuration of the access device. In one embodiment, the server provides a ticket 
number in response to each piece of user object information received from the 
access device. This embodiment is useful in embodiments of step 352 in which the 

20 access device provides each piece of user object information to the server before 
prompting the user for the next piece of information. 

Figure 16 illustrates one embodiment of adding a user object to a 
household, according to the present invention. The operational flow of one 
embodiment starts with a user being logged onto an existing user object. In this 

25 exemplary embodiment, the access device is configured to perform the steps of the 
operational flow. 

33 



Attorney Docket: 00521 7.P054 

In a step 360, the access device receives a request to add a new user 
object. In one embodiment, a user logs onto an existing user object and then enters 
the request to add the new user object via control device 138 (Figure 2). 

In a step 362, the access device is configured to determine whether an 
5 administrator attribute was enabled in the existing user object in which the user is 
logged onto. In one embodiment, the access device can check its own stored user 
object configurations to determine whether the user object has its administrator 
attribute enabled. If the existing user object does not have its administrator attribute 
enabled, the operational flow terminates because in this embodiment only 

10 administrators can add a new user object. If the existing user object does have its 
administrator attribute enabled, the operational flow proceeds to step 344. 

As previously described in conjunction with Figure 15, in step 344, the 
access device then receives default user object information for new user object that 
is being added. In one embodiment, the access device provisions the new user 

15 object with default information, which the access device displays to the user. 
Alternatively, the access device can be configured to prompt the user to enter the 
new user object information and skip down to step 352. 

In steps 346, 352, and 354 (also described above in conjunction with 
Figure 15), the access device receives modifications to the default user object 

20 information, sends the new user object information to the server and receives one or 
more ticket numbers associated with the new user object information. In alternative 
embodiments, the request to add a user mode need not come via an access device. 
For example, a CSR can make the request and provide the new user mode 
information using a computer coupled to the server. 

25 Figure 17 illustrates one embodiment of revising a user object, 

according to the present invention. The operational flow starts with a user being 
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logged onto an existing user object. In this exemplary embodiment, the access 
device is configured to perform the steps of the operational flow. 

In a step 380, the access device receives a request to revise user 
object information for an existing logical object. In one embodiment, the user logged 
5 onto the existing user object makes the request to revise the existing logical object 
via control device 138 (Figure 2). In this embodiment, the logical object is a user 
object. However, in light of the present disclosure, those skilled in the art can 
implement an operational flow for revising other logical objects without undue 
experimentation. 

10 In a step 382, the access device determines whether an administrator 

attribute was enabled in the existing user object in which the user is logged onto. In 
one embodiment, the access device can be configured to check its own stored user 
object information to determine whether the "logged on" user object has its 
administrator attribute enabled. The request of step 380 can be to revise the 

15 "logged on" user object or another user object in the household. If the "logged on" 
user object does not have its administrator attribute enabled, the operation flow 
jumps to a step 386 (described below). In contrast, if the "logged on" user object 
does have its administrator attribute enabled, the operational flow proceeds to a 
step 383. 

20 In step 383, the access device determines whether the request of 

step 380 is to revise a protected setting or settings of the exiting user object. For 
example, as previously described, some attributes can only be changed by an 
administrator (referred to in this context as a protected setting). If the request is not 
to revise a protected setting or settings, the operational flow proceeds to step 386 

25 (described below). However, if the request is to revise a protected setting or 
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settings, the operational flow proceeds to a step 384. In an alternative embodiment, 

step 383 may be performed before step 382. 

In step 384, the access device can receive the revised setting or 

settings for the protected setting of the existing user object (i.e., the user object that 
5 is being revised). In one embodiment, the user enters the revised setting or settings 

via an input interface for the access device (e.g., control device 138 in Figure 2). 

In step 386, the access device can receive revised non-protected 

settings for the existing user object. As described in step 384 above, the user can 

enter the data via an input interface for the access device. 
10 In one embodiment, steps 383, 384 and 386 are performed 

concurrently. The access device may display all of the user object's information, for 

example, in a menu. The user can select settings to be revised. The access device 

is configured to determine whether the selected setting is protected. Non-protected 

settings can be revised by any "logged on" user object. If the setting is protected, 
15 the access device is configured to determine whether the "logged on" user object 

has its administrator attribute enabled before allowing the protected setting to be 

revised. 

Alternatively, the access device can be configured to determine 
whether the "logged on" user object has its administrator attribute enabled. If 
20 enabled, the access device can display a menu with all of the settings (both 
protected or non-protected). If not enabled, the access device can be configured to 
display a menu with only non-protected settings. The user could then select and 
revise any of the displayed settings. 

In a step 388, the access device provides to the server the revised 
25 user object information received in steps 384 and 386. In one embodiment, the 
access device provides this information in a series of messages to the server. 
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Alternatively, the access device can provide each piece of user object information to 
the server before prompting the user to enter the next piece of information. The 
operational flow then proceeds to step 354, which has been previously described in 
conjunction with Figure 15. 
5 In alternative embodiments, the request to revise a user mode need 

not come via an access device. For example, a CSR can make the request and 
provide the revised user mode information using a computer coupled to the server. 

Figure 18 illustrates one embodiment of using a single password 
protected logon for accessing multiple password protected services, according to 

10 the present invention. In this embodiment, the operational flow starts with a user 
being logged onto an existing user object. In this exemplary embodiment, the 
access device is configured to perform the steps of the operational flow. 

In a step 390, the access device receives a request to access a 
password protected service (e.g., PPV, VOD, etc.). In one embodiment, the user 

15 logged onto the existing user object makes the request for the service via control 
device 138 (Figure 2). 

In a step 391 , the access device determines whether the user object is 
authorized to access the service. For example, the user object may have been 
configured to deny access to the service because the service provides adult or 

20 violent content. If the user object is not authorized to access the service, the 
operational flow proceeds to a step 393. 

In step 393, the access device provides an indication that the user 
object is not authorized to access the service, or that the requested access was 
denied, or other similar message. For example, the access device may display such 

25 message via display device 136 (Figure 2). 
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However, if in step 391 the access device determines that the user 
object is authorized to access the service, the operational flow proceeds to a 
step 395. In step 395, the access device determines whether the password 
corresponding to the requested service and the user object is stored in the access 
5 device. This password may be part of the data associated with the access device 
object (see Table 3 of Appendix A). 

If the password is stored in the access device, the operational flow 
proceeds to a step 396. In step 396, the access device retrieves the password for 
the requested service from memory 166 (Figure 3). 

10 Conversely, if the password is not stored in the access device, in a 

step 398 the access device gets the password from the user. For example, the 
access device may perform a password challenge operation. This feature is useful 
because some services do not allow the password to be stored on the access 
device (e.g., access to a "wallet" service). 

15 In a step 399, the access device then sends the password (either 

retrieved from memory 166 or inputted by the user in response to a password 
challenge operation) to the service provider. The service provider would then allow 
access to the service if the password were correct. 

The above description of illustrated embodiments of the invention, 

20 including what is described in the Abstract, is not intended to be exhaustive or to 
limit the invention to the precise forms disclosed. While specific embodiments of, 
and examples for, the invention are described herein for illustrative purposes, 
various equivalent modifications are possible within the scope of the invention, as 
those skilled in the relevant art will recognize. 

25 These modifications can be made to the invention in light of the above 

detailed description. The terms used in the following claims should not be 
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construed to limit the invention to the specific embodiments disclosed in the 
specification and the claims. Rather, the scope of the invention is to be determined 
entirely by the following claims, which are to be construed in accordance with 
established doctrines of claim interpretation. 
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TABLE 1 
USER OBJECTS 



User Name 


Data that includes an identifier to which all user data 
and attributes are associated. The user name is unique 
and is used for logging in from access devices. In some 
embodiments, the user name can be associated with an 
email address. 


User Password 


Data that includes a password used to verify the identity 
of the user logging in. In one embodiment, the 
password is not retrievable by a user. 


Administrator 


An attribute that when enabled allows the user object to 
have administrative privileges. For example, when 
logged into a user object with the administrator attribute 
enabled, the administrator can change or add user 
object information for other user objects. 


User Password Optional 


An attribute that when enabled, allows a user to access 
a television account without a password. This attribute 
allows a user to view television but not to access other 
interactive television services. 


User Household 


Data that includes an identifier used to identify the 
household to which the user object is associated. 


User Email Address 


Data that includes an identifier representing the email 
address of the user object with regard to the interactive 
television system. In some embodiments, the user 
email address is the same as the user name. 
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Email Enabled 


An attribute that when enabled allows the user object to 
access an email account. 


Screen Name 


Data associated with a user name that is displayed by 
the access device (for example a set top box). The 
screen name need only be unique within a household. 
In a further refinement, if the screen name is not set, the 
access device can default to displaying the user name. 


Deleted 


An attribute that when enabled deletes a user object 
from a household. The user objects data and attributes 
are not actually deleted, but are not accessible by a 
user. This attribute allows the interactive television 
service provider to resurrect the user object as desired. 


Revision History 


Data used in keeping track of updates to the user 
object. In one embodiment, the revision history includes 
entries for each update, each entry having at least a 
ticket number and a bit vector indicating which 
configuration perimeter has been updated. 


Channel List 


Data that includes the channels that are accessible via 
the user object. For example, a parent can create the 
channel list for a child with only channels that have no 
adult or violent content. In another embodiment, the 
channel list may also include a list of favorite channels, 
which are a subset of the accessible channels. 


Persistent Cookies 


Data that includes a list of cookies and associated 
information maintained on behalf of the user object. 


Mail Data 


A directory structure for mail folders and message data. 
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Web Favorites 


Data containing a list of favorite web sites or web pages 
for the user object. 


TV Favorites 


Data containing a list of favorite television channels, in 
one embodiment, TV favorites are included in the 
channel list. 


QWERTY Keyboard 


An attribute that when enabled displays an onscreen 
keyboard in the QWERTY format rather than in 
alphabetical order. 


Allow PPV 


An attribute that when enabled, allows the user object to 
purchase pay per view events. 


PPV PIN 


Data that includes a user object's personal identification 
number for authorizing a PPV purchase. User object 
PPV PIN is optional. In an alternative embodiment, the 
PPV PIN associated with an access device. 


Partner Login 


Data that includes multiple user names and passwords, 
each user name and password being associated with a 
different interactive television service provider partner. 
This allows a user to log onto a user object with a single 
password and access services from partners without 
having to reenter a user name and password for that 
particular partner. 


Login Challenge 


A process that occurs when a user begins to log onto a 
user object from an access device registered with a 
household. The login challenge displays a list of screen 
names of all user objects registered in the current 
household for use when an access device displays a 
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login challenge. When a user wishes to log on to a user 
object, the user selects his or her screen name from the 
displayed list and enters the password. 


External Login Challenge 


A process that occurs when a user attempts to access 
data from an access device that does not belong to the 
household. The external login challenge can also be 
used when the access device is not capable of 
recognizing what household it belongs to. In one 
embodiment, the external login challenge prompts the 
user to enter a user name and password. 


Anonymous User 


Data that includes the attributes and data of an 
anonymous user object. The anonymous user object is 
only available when watching full screen television and 
does not allow access to any interactive television 
service. The anonymous user object can be accessed 
by logging out and is the default state on power up. The 
anonymous user object inherits the common subset of 
restrictive attributes of all registered user objects in the 
household. 


Logging Out 


A process available to any logged in user object. The 
result of executing the logging out process is the logging 
in of the anonymous user. 


Access Control Lists 


Data that includes a list of all privileges available to the 
user object and a list of registered user objects. An 
administrator can edit the access control lists to control 
the privileges available to each registered user. 
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TABLE 2 
HOUSEHOLD 



Account ID 


Data that includes a unique identifier for an account with 
an interactive television service provider. 


Adding Users 


A process that occurs to add a new user object to the 
household. Additional user objects can be added to the 
household as long as the number of user objects is less 
than a specified maximum number. Only an 
administrator can add a user object to a household. 


Removing Users 


A process that occurs to remove a user object from a 
household. The data and attributes associated with the 
user object are not removed, but the user object is 
"deleted" (see Table 1). The data and attributes of a 
deleted user object are not accessible by other users 
unless an administrator "un-deletes" the user object. 


User List 


Data that includes a list of registered users within a 
household. In one embodiment, the user list includes a 
list of user names. 


Current User Count 


Data that includes the current number of user objects 
registered in the household. This number will always be 
greater than zero and less than or equal to a maximum. 


Maximum User Count 


Data that includes the maximum number of user objects 
allowed in a household. 


Household Identifier 


Data that includes a unique identifier for the household. 
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TABLE 3 
ACCESS DEVICE 



Household Identifier 


Data that includes the identifier of the household to 
which the access device belongs. 


MAC Address 


Data that includes the media access control (MAC) 
address of the device. 


Default User Object 


Data that identifies the user object to become active 
when the access device is first activated or turned on. 
In one embodiment, the first user object registered in 
the household is the default user object. If this first user 
object is password protected, then the anonymous user 
object becomes the default user object. In one 
embodiment, an administrator can designate any non- 
password protected user object in the household to be 
the default user object. 


PPV PIN 


Data that contains the personal identification number 
used for authorizing pay per view services. In one 
embodiment, the PPV PIN is stored in the access 
device and is not exposed to users. 


Television Control PIN 


Data that includes a personal identification number for 
locking and unlocking channels. 
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TABLE 4 
ACCOUNT 



MSO 


Data that contains the name of the MSO (Multi-Service 
Operator) to which the account object is associated. 


MSO Account ID 


Data that contains the MSO account number to which 
the account object is associated. 


Households List 


Data that contains the number of household objects 
associated with the account object, and the household 
identifiers of these household objects. 


Total Households 


Data that contains the number of household objects in 
the account object. In one embodiment, this information 
is stored in the Households List. 


Total Users 


Data that contains the total number of user objects 
associated with the account object. 


Total Access Devices 


Data containing the total number of access device 
objects associated with the account object. 
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